Posted
by
timothy
on Monday July 04, 2011 @02:18PM
from the are-you-now-or-have-you-ever-been dept.

baerm writes "With GoDaddy being purchased by private equity firms (i.e. it will be sucked dry with service reduction and price increases until it dies) what other Registrars support DNSSEC? GoDaddy is the only registrar I could find that supports DNSSEC for registrees running their own DNS. It was fairly easy to add the Key Signing Keys' DS records to the parent zone using its DNS config. I did find a couple other registrars that were 'testing' DNSSEC or that would support DNSSEC if they ran your DNS. But I couldn't find any other registrars where you could just register, run your own DNS, and use DNSSEC (i.e. with your DS record in your parent zone). That being said, I was only able to research a small percentage of the registrars out there. Does anyone know of registrars, other than GoDaddy, that allow for DNSSEC? That is, registrars that have a method to pass the DS records to the parent zones for their registeree's domains?"

"How do I put my actual name on the domain instead of your hidden service?"

Your question stumped me too until I thought of it for a while and figured out you are _probably_ talking about WHOIS data and private domain regisration. If so, if you ask Google/Godaddy that way, they should be able to give you a straight answer.

Or are you seriously asking how to replace their generic parked domain webpage with your own website? If so, then I don't know what to tell you.

I once worked for a shitty sysadmin who had a ringtone of the sound of his children crying. He once also castigated an intern for downloading "over 50 terabytes this morning!" on a 256kbps connection. Needless to say, he was a worthless human being.

my kids crying would do a great job.. the only problem I really perceive is I might be standing in his bedroom half asleep consoling him over my shoulder while my cellphone carries on on the nightstand...

This is good to know. When I looked at dyndns a few months ago, I was unable to find away to upload DS records to my parent. In fact, this appeared to me to be a registrar that would only support DNSSEC if it managed the DNS (which would already put it ahead of most at the time). I'm hoping this is a fairly recent change and it wasn't just my failure to figure it out at the time. I was a bit disappointed too, because I really like dyndns. It seems to me to be one of the more professional registrars (mo

Your DYNDns.com website does not make it particularly clear that you support DNSSEC on your domain registration product.

You provide the documentation for setting up DNSSec for a domain on http://www.dyndns.com/support/kb/implementing_dnssec.html [dyndns.com], but you don't mention how to submit the information needed for DS records, so you can submit the DS records to the Registry for inclusion in the TLD zone. That page appears to not have been updated in a while, which is probably why it lacks that information.

Several months ago, I thought about opening a coop model registrar, in the same vein as ARIN or other non-profit resource management organizations, but didn't think there'd be enough demand (IT people would dig it, but not your average joe, who is going to use GoDaddy). How difficult is it to start a registrar?

correct, there is a 2500$ non-refundable fee, plus a 175000$ payment upon approval, plus you must have 70000 extra just in case, plus you must prove that you can run a profitable operation and tons of other impediments.

ICANN and verizon control everything and they want to keep it that way.

We are actually thinking about an open source registrar model, but those costs are making it very difficult.

There is a great market there, ICANN only charges like 23cents a year for the name, godaddy and the rest of the re

My point is I *want* to run it as a non-profit organization, similar to Wikipedia. I take in enough money to pay for servers, developers, etc. and keep prices as low as possible, since I have no shareholders demanding their pound of flesh.

I'm not sure why we should immediately assume that GoDaddy will suck just because they were purchased by a private equity firm. GoDaddy had every intention of going public but choose not to because of how they would have had to report their earnings/recognize revenue. From what I remember they would essentially split the revenue of a domain registration out over the life of the domain registration as opposed to immediately upon payment.

GoDaddy is a cash cow that will likely continue to be a cash cow if they parent firm let's GoDaddy continue to operate in the manner they have done so since they were founded.

I'm not an investment equity firm but if I were I would look to maximize revenue over as long of a timeline as possible. GoDaddy has no real tangible assets to come in and suck dry like a large manufacture might so sucking the life out really doesn't make a lot of financial sense.

I've been happy with GoDaddy over the years and will continue to use them until their service slips or their prices get out of control.

I used them through work. Bought an SSL certificate back in the day (2007 I think), and called them up to verify a few things.
Their people were bright, easy to work with, and answered all of my questions.
Since then I have had no problems with them except for their busy website.

They've been my registrar for the last 6-9 years and other then their website being a bit confusing at times, they've been easy to deal with. I was even impressed that their phone support people were in the States and actually spoke english and they didn't work from a damn script. Knowledgable folks and they solved the problem within minutes plus I got a confirmation email for the trouble ticket

I've never used their service, but I do know that I refuse to support any business whose advertising is as dumb and pandering as theirs.

I take it you aren't a beer drinker.

Actually, I share the same opinion that GoDaddy is crap, and I have used their services on the behalf of others (esp. to transfer the domain away), and I do drink beer. Get a clue, you can enjoy a brew and still scoff at immature and sexist ad campaigns -- What? No nearly naked men? (targeted ads at their finest -- unprofessional meatheads who care more about sex appeal in ads than the services the sex is selling.)

Picture trying to hide the nearly lude imagery of the GoDaddy site from a client after ha

If their service slips does that mean that they'll not longer shill bid on their own domain auctions, improperly block users from transferring domains to other registrars and arbitrary suspend registrants like seclist.org? Anyone who uses GoDaddy as a registrar is ignorant of what they do.

I'm not sure why we should immediately assume that GoDaddy will suck just because they were purchased by a private equity firm.

My impression is that private equity in the U.S. can only suck value out of companies. Seen a few and been part of one. Never once had it ended well for customers or the companies itself. The P.E. firms always made out well though.

Anyone know of a private equity transaction that worked out better for customers?

in 2005 I was intern in subsidiary controlling at a German enterprise; one of the companies was merged with an US-based competitor, financed as a 50/50 deal with the Swedish P.E. firm EQT. what I experienced and heard is not so bad, the investor seems to be long-term interested.

today the founded company is healthy and still owned by the two founding/financing partners. no hard facts but at least an anecdote:)

Do these two things really go together? I thought the game was to have an exit strategy so you could get your money out with a decent return as quickly as possible and find something else to invest in. I am not an equity investment form tho.

GoDaddy had every intention of going public but choose not to because of how they would have had to report their earnings/recognize revenue. From what I remember they would essentially split the revenue of a domain registration out over the life of the domain registration as opposed to immediately upon payment.

There is nothing stopping a public company from keeping multiple sets of books as well. Yes they have to follow GAAP rules when it comes to any information they make public but they can do revenue recognition however they like to produce their own financial statements for internal decision making.

Really with computer accounting packages its probably not even much work for anybody. I don't see what the big deal is unless the parent is correct and somebody knows they have real financial problems but the cur

My googlefu may be poor. I'd like to think that since I did this a few months ago, it has become more available since then. But it could be that my searching just kind of sucked. I had two problem though. One is that of the places saying they support DNSSEC, I had a very difficult time figuring out what that meant (they'll let you enter records on there site, you can have records in your own DNS (duh), or you can actually upload your DS records to your parent in some fashion). For the most part it looke

It would be a good idea to throw both GoDaddy and any other kind of centralized DNS out the window. In the long run, only ad hoc networks will be truly robust. Client-server of any kind is just too frail

I second GKG.net [gkg.net]. I've used them for my domains. They were a little slow to add DNSSEC support for some of the gTLDs when each Registry turned up support, but once they added it, I've been in the process of moving domains back.

The only thing I see is they still don't support dot-MOBI. Not really a big deal, as that TLD domain appears to be a flop (wouldn't you want a mobile domain to be *shorter,* not longer?)

Yes. I was working through the Tunnelbroker.net "IPv6 Certification" exercises, and needed a registrar that offered IPv6 glue. GKG.net was at the top of a list of alternatives to GoDaddy.com that offered IPv6 glue.

Gandi.net is in the process of adding DNSSEC support, though I'm not sure how exactly it will work. But they are without a doubt the best domain registrar I've ever found. Far better than GoDaddy. Might be worth waiting. They say it should be completed over the next few months.

As an additional factor, who other than GoDaddy supports both DNSSEC and easy-and-prompt-to-configure IPv6 glue records? I specifically moved from Network Solutions to GoDaddy because it took NetSol weeks to set up my IPv6 glue. (Their interface at the time was "Email us at ipv6req@networksolutions.com and we'll get around to it eventually. Maybe." Maybe they've added it to their admin interface at this point...)

As I see it, we are handing over control of DNS to "trusted" certificate providers because regular DNS can be poisoned by a rogue DNS operator. Do we really believe that no nameservers with a valid certificate are rogues? Or that certified nameservers won't get compromised? I trust certificate authorities like Verisign to watch over me just like I trusted auditors from PwC when they gave AAA ratings to AIG.

What's going to happen is that once one nameserver gets compromised, it will be able to send signed

The chain of trust is only as long as the number of elements in the domain name. It is already common practice for banks and merchants to use 2nd/3rd-level domains so the chains are very short. I suppose technically your OS is an extra step in the chain (and often the most easy to compromise).

Once an organization has setup DNSSEC for their domains there are two main vulnerabilities:The organization could allow it's private keys to become public and then fail to revoke them. This is smiler to their web-serve

You can sign your zones, etc. What you cannot yet do is submit DS keys to the regsitries directly (we're working on it) - this is a "gotcha" of our using openHRS on our backend and we've been in extensive communications with Tucows about this. We're hoping to have this resolved by end-of-summer.